Commit Graph

38 Commits (f0119b5c754f46be7814dca04d73a7710a720689)

Author SHA1 Message Date
James Elliott 171b323274
docs: enhance supported proxies documentation (#2210)
This enhances the supported proxies documentation to be more comprehensive.
2021-08-04 11:21:49 +10:00
James Elliott 1440394b60
docs: fix missing line from the lite guide (#2230)
This ensures users checkout the latest tagged release when using the lite deployment.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 20:52:13 +10:00
James Elliott 0fbd3c3938
docs: update and unify contact options (#2213)
This updates and unifies the contact options so it is easier to maintain. All contact options now link back to one of two locations, and both of these locations are a copy and paste for the most part.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-07-30 14:19:17 +10:00
James Elliott 0da770d900
docs: misc fixes (#2186)
This fixes misc broken links in the docs as well as an invalid viewBox element.
2021-07-15 13:21:47 +10:00
James Elliott c555c10496
docs: add matrix space information and update readme (#2061)
* docs: add matrix space information and update readme

We recently created a Matrix Space which includes both the original room, and a new contributing room. This commit also performs some basic housekeeping on the README.md, including but not limited to: factorizing the security section, adjusting the main description, clearly outlining areas where help is wanted, adding information related to the helm chart, adding more details in the features summary, grammar, and misc other changes.

* docs: update security to be in line with the readme
2021-06-06 15:53:28 +10:00
Frederic Hemberger 4cfda7eece
fix(docs): Update link to Lite bundle (#2048) 2021-06-01 01:17:26 +02:00
James Elliott 08e674b62f
docs: refactor several areas of documentation (#1726)
Updated all links to use https://www.authelia.com/docs/.
Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections.
Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted.
Added .yamllint.yaml to express our desired YAML styles.
Added a style guide.
Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start.
Added a statelessness guide for the pending Kubernetes chart introduction.
Added labels to configuration documentation and made many areas uniform.
2021-04-11 21:25:03 +10:00
Amir Zarrinkafsh 661d82587e
fix: remove health checks on compose examples (#1871)
Traefik does not add routes for containers via the Docker provider if the health check does not return healthy, this causes inadvertent user experience issues when attempting the pre-made compose examples.

This change removes the health checks for said examples and also ensures that Traefik logs are written to stdout so a user can view them within the Docker container logs.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-30 16:17:11 +11:00
Amir Zarrinkafsh 66b010cb59
docs: fix haproxy examples for /api/verify?auth=basic (#1835)
The previous examples did not appropriately pass through the WWW-Authenticate header and 401 when the user was unauthenticated therefore not resulting in a basic auth login prompt.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-18 19:56:08 +11:00
James Elliott 4dce8f9496
perf(authorizer): preload access control lists (#1640)
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
2021-03-05 15:18:31 +11:00
ThinkChaos ba65a3db82
feat(handlers): authorization header switch via query param to /api/verify (#1563)
* [FEATURE] Add auth query param to /api/verify (#1353)

When `/api/verify` is called with `?auth=basic`, use the standard
Authorization header instead of Proxy-Authorization.

* [FIX] Better basic auth error reporting

* [FIX] Return 401 when using basic auth instead of redirecting

* [TESTS] Add tests for auth=basic query param

* [DOCS] Mention auth=basic argument and provide nginx example

* docs: add/adjust basic auth query arg docs for proxies

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-24 10:35:04 +11:00
Kristof Mattei b20f62b015
Update example to set correct internal trusted ranges. (#1575) 2021-01-02 07:36:12 +11:00
Timo 495e57b46c
[DOCS] Make HAProxy regex case insensitive (#1478) 2020-11-24 12:35:38 +11:00
Amir Zarrinkafsh a83ccd7188
[FEATURE] Add Remote-Name and Remote-Email headers (#1402) 2020-10-26 22:38:08 +11:00
Amir Zarrinkafsh 607f829431
[DOCS] Clean HAProxy examples (#1338)
Remove headers that are not required and fix a typo.
2020-09-23 17:29:46 +10:00
Amir Zarrinkafsh 5b98b4d090
[BUGFIX] Fix HAProxy redirects (#1333)
Including updates to docs examples.
2020-09-23 09:06:26 +10:00
Amir Zarrinkafsh 771c220d38
[FEATURE] Support updated haproxy-auth-request (#1310)
* [FEATURE] Support updated haproxy-auth-request
This version removes the dependency of lua-socket which seemed to result in many unsupported and broken BSD/Pfsense deployments.

* Fix docs indentation

* Add haproxy-lua-http to TLS enabled configuration
2020-09-10 10:52:57 +10:00
Chris Smith c70255f9ef
[DOCS] Add FAQ for Kubernetes deployment (#1252)
* Add note to Kubernetes page about potential OOM

See #1234
2020-08-14 13:30:37 +10:00
Amir Zarrinkafsh c5916cbce6
[DOCS] Adjust Deployment navigation order (#1160) 2020-06-29 16:55:41 +10:00
Amir Zarrinkafsh ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
Clément Michaud 2c0fa811a2
[DOCS] Improve documentation around Remote-User and Remote-Groups usage. (#1091)
* [DOCS] Improve documentation around Remote-User and Remote-Groups usage.

* Update docs/deployment/supported-proxies/index.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-08 17:17:24 +10:00
Amir Zarrinkafsh 08d412ece8
[DOCS] Add FAQs to Traefik2 (#1038)
Closes #997.
2020-05-21 16:48:54 +02:00
Amir Zarrinkafsh 561a3f551c
[DOCS] Fix typos in proxy examples (#1015)
Also include global http -> https redirection in Traefik 2.x example.
2020-05-14 13:26:52 +10:00
Clément Michaud da5c722cf8
[DOCS] Introduce an FAQ and document forwarded authentication. (#962)
* add FAQ docs section
* add forwarded authentication section to deployments > supported proxies
* apply suggestions from code review

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-03 13:18:13 +10:00
Amir Zarrinkafsh 310c5dc09b
[DOCS] Harmonize Remote-User and Remote-Groups headers in nginx example (#963)
Fixes #957.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-02 17:10:26 +02:00
Amir Zarrinkafsh f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
Amir Zarrinkafsh ff2df8b039
[DOCS] Fix HAProxy typo (#937) 2020-04-28 21:00:10 +10:00
Amir Zarrinkafsh 69859aa5d4
[DOCS] Update HAProxy code syntax style (#936) 2020-04-28 20:53:06 +10:00
Amir Zarrinkafsh dca8a5343a
[DOCS] Update proxy integration example for HAProxy (#935)
* [DOCS] Update proxy integration example for HAProxy

* Minor style tweak

* Update haproxy.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-04-28 19:17:45 +10:00
Amir Zarrinkafsh 76e8142032
[DOCS] Add Remote-User and Remote-Groups headers to Traefik docs and examples (#849) 2020-04-11 11:49:54 +10:00
Amir Zarrinkafsh e843a52a04
[Docker] Include docker-compose.yml examples to run Authelia (#642)
* [Docker] Create Lite docker-compose.yml example

* [Docker] Update README.md with 3 compose bundles {Local,Lite,Full}

* [DOCS] Update Traefik2 proxy example

* [Docker] Create Local docker-compose.yml example

* [MISC] Update examples to utilise Traefik 2.2
This change enables global http -> https redirection.

* [Docker] Update Local compose to utilise loopback address

* [Docker] Drop compose version to 3.3 to cater for more distros

* [DOCS] Adjust Getting Started

* [Docker] Tweak Local bundle setup for OSX

* [Docker] Optimise setup.sh for Local bundle

* [Docker] Fix read-only mounting of user database

* [DOCS] Implement feedback for compose bundles

* [DOCS] Provide feedback on self-signed certificates

* [DOCS] Implement additional feedback for compose bundles

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-03-27 10:43:10 +11:00
Amir Zarrinkafsh f3fd79d731
[DOCS] Review all docs and adjust since the initial refactoring (#698)
* [DOCS] Review all docs and adjust since the initial refactoring

* [DOCS] Minor tweaks
2020-03-10 09:37:46 +11:00
Clément Michaud 3c8babbd4f
[DOCS] Proxy documentation not available anymore. (#692) 2020-03-08 16:29:16 +01:00
James Elliott 26369fff3d
[FEATURE] Support Argon2id password hasing and improved entropy (#679)
* [FEATURE] Support Argon2id Passwords

- Updated go module github.com/simia-tech/crypt
- Added Argon2id support for file based authentication backend
- Made it the default method
- Made it so backwards compatibility with SHA512 exists
- Force seeding of the random string generator used for salts to ensure they are all different
- Added command params to the authelia hash-password command
- Automatically remove {CRYPT} from hashes as they are updated
- Automatically change hashes when they are updated to the configured algorithm
- Made the hashing algorithm parameters completely configurable
- Added reasonably comprehensive test suites
- Updated docs
- Updated config template

* Adjust error output

* Fix unit test

* Add unit tests and argon2 version check

* Fix new unit tests

* Update docs, added tests

* Implement configurable values and more comprehensive testing

* Added cmd params to hash_password, updated docs, misc fixes

* More detailed error for cmd, fixed a typo

* Fixed cmd flag error, minor refactoring

* Requested Changes and Minor refactoring

* Increase entropy

* Update docs for entropy changes

* Refactor to reduce nesting and easier code maintenance

* Cleanup Errors (uniformity for the function call)

* Check salt length, fix docs

* Add Base64 string validation for argon2id

* Cleanup and Finalization
- Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go
- Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len
- Fixed an error in validator that would allow a zero salt length
- Added a test to verify the upstream crypt module supports our defined random salt chars
- Updated docs
- Removed unused "HashingAlgorithm" string type

* Update crypt go mod, support argon2id key length and major refactor

* Config Template Update, Final Tests

* Use schema defaults for hash-password cmd

* Iterations check

* Docs requested changes

* Test Coverage, suggested edits

* Wording edit

* Doc changes

* Default sanity changes

* Default sanity changes - docs

* CI Sanity changes

* Memory in MB
2020-03-06 12:38:02 +11:00
Clément Michaud 0c43740a4e
[FEATURE] Add command to generate self-signed certs in authelia binary. (#676)
* [FEATURE] Add command to generate self-signed certs in authelia binary.
* Apply suggestions from code review

Fixes #454 

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-01 14:08:09 +01:00
James Elliott ffc87c1006
[DOCS] Fix Docs Links (#674)
- Fixed a few broken links
2020-03-01 16:58:26 +11:00
Clément Michaud b311bd5ead
[DOCS] Improve documentation about the integration with proxies. (#669)
* [DOCS] Improve documentation about the integration with proxies.

This improvement resolves #384.

* Update index.md
2020-03-01 12:11:16 +11:00
Clément Michaud adf7bbaf5b
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 01:43:59 +01:00